Re: Proposal to the TSC: enable 2FA requirement across all orgs

Andrew Grimberg

No, that's not actually possible. You can verify if a change comes in
with a GPG signature on it, but not if a particular account is using 2FA
for access to the GitHub UI. Those are two distinctly different things.

As an aside, we currently have a change under review [0] against lftools
that will allow someone with admin rights on a GH org to get an "audit"
of the org including who does and does not have 2FA enabled.



On 5/30/19 3:41 PM, Brian Behlendorf wrote:
Can we tell which commits come in without 2FA?


On 5/30/19 2:02 PM, Christopher Ferris wrote:
You should give a warning. You can add all github ids to a team and @
the team. Maybe give a few days to remediate. I approve subject to
advance warning and update to contributors guides.


Christopher Ferris
IBM Fellow, CTO Open Technology
IBM Digital Business Group, Open Technologies
email: chrisfer@... <mailto:chrisfer@...>
twitter: @christo4ferris
IBM Open Source white
phone: +1 508 667 0402 <tel:+1%20508%20667%200402>

On May 30, 2019, at 4:54 PM, Ry Jones <rjones@...
<mailto:rjones@...>> wrote:

In light of recent discussions on this mailing list,
<> I ask the TSC to
vote by email on enabling 2FA for the Hyperledger and Hyperledger
Labs orgs.

We will lose many members that are committers. It will cause turbulence.
Ry Jones
Community Architect, Hyperledger
Chat <>: @rjones
Brian Behlendorf
Executive Director, Hyperledger
Twitter: @brianbehlendorf

Andrew J Grimberg
Manager Release Engineering
The Linux Foundation

Join to automatically receive all group messages.